Hi,
I have just built Kamailio from Git master, configured TCP and TLS, and an
HTTP event route. I was able to connect to Kamailio over TLS using Google
Chrome (and saw the "SSL Error: The site's security certificate is not
trusted!" page). After I clicked on "Proceed anyway" I saw the log
message I put in the HTTP event route come out.
I also logged in with Jitsi using TLS and that worked fine too.
I tried this with both the WebSocket module loaded and without it, and it
worked in both cases.
I also tried the above with TCP and that worked fine as well.
As far as I can tell TLS is working in Kamailio Git master.
Regards,
Peter
On Wed, Jul 11, 2012 at 9:37 PM, Peter Dunkley
<peter.dunkley(a)crocodile-rcs.com> wrote:
Hi,
WebSockets over TLS works which requires establishing a TLS connection
and
exchanging an HTTP request and response. It doesn't sound like this
connection is even getting passed the TLS handshake part?
Peter
Hi,
That was my first guess. I will run some tests with plain tcp socket
and post update.
cheers.
>
> On Wed, 2012-07-11 at 17:14 +0200, Klaus Darilion wrote:
>
> Maybe there were some changes fore websocket support which cause
> problems. Do plain TCP connections work?
>
> klaus
>
> On 11.07.2012 16:20, Aft nix wrote:
> > On Wed, Jul 11, 2012 at 6:56 PM, Klaus Darilion
> > <klaus.mailinglists(a)pernau.at> wrote:
> >> I just tested TLS with Kamailio 3.3.0 and Eyebeam and it works. Make
> >> sure to
> >> specify "ca_list" if intermediate certificates are used.
> >>
> >
> > I was working with master branch, not 3.3 branch.
> >
> >>
> >> regards
> >> Klaus
> >>
> >> On 09.07.2012 13:27, Aft nix wrote:
> >>>
> >>> Hi,
> >>>
> >>> I have enabled tls parameters as follows:
> >>>
> >>> in kamailio.cfg
> >>>
> >>> listen = tls:<IP>:<PORT>
> >>>
> >>> in tls.cfg
> >>>
> >>> [server:<IP>:<PORT>]
> >>> method = TLSv1
> >>> verify_certificate = no
> >>> require_certificate = no
> >>> private_key = /usr/local/etc/kamailio/kamailio-selfsigned.key
> >>> certificate = /usr/local/etc/kamailio/
> kamailio-selfsigned.pem
> >>>
> >>> Now if i try to connect to this interface using openssl s_client, it
> >>> does connects,
> >>> but now server certificate is sent from kamailio.
> >>>
> >>> kamailio log shows this :
> >>>
> >>> <core> [ip_addr.c:247]: tcpconn_new: new tcp connection:
<CLIENT
> >>> IP>
> >>> <core> [tcp_main.c:10